BeepPassword managers are less secure than promised
CardboardVictimFor people interested there were 3 cloud based password managers tested and this is what they found
The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane.
sexy_peachIs there a reason why these attacks were on cloud based pw managers?
From what I scanned, there was no reason given on why they only attacked cloud based providers.
My guess is that these are paid ones and thus have a ‘market share’, easier to attack etc.
If you attack a ‘keepass’ password the attack vector is more crypto / memory based as far as my limited knowledge goes and not some funky inbetween attack.
Also, if you attack a cloud base provides, you will most likely have multiple victims per breach / exploit, whilst offline are targeted and thus not so interesting in most cases unless we’re talking about a person of interest
they ran the test on those pw managers because they were open source. that allowed the testers to implement a “dummy” provider on their own “compromised server.” so the results of failing the tests are based on the hypothetical situation of “what if bitwarden (or whoever) had an entire server taken over by hackers”. while the possibility of that happening are greater than zero, it would take a lot for someone to completely hijack a server like that
Oh okay so they probably delivered malicious code to the user entering their passwords… Well even an offline pw manager can be compromised in the code.
artyomUnfortunately they don’t explain what the attacks were in the article. Gonna need to find the paper to know.
AppoxoCopy pasting a comment that I saw on Reddit
——
Link to the original study (with a less sensationalized title):
A few important notes:
the study is about Bitwarden, LastPass, Dashlane and 1Password. Proton Pass isn’t mentioned.
the study presumes that they’re working with a malicious server (read this as compromised server, controlled by an attacker). The attacks they talk about in the article would not work on a normal server. Here’s their quote:
No need to panic: all of our attacks presume a malicious server. We have no reason to believe that the password manager vendors are currently malicious or compromised, and as long as things stay that way, your passwords are safe. That said, password managers are high-value targets, and breaches do happen.
- Here’s another quote, about other password managers:
You can ask your provider the following questions:
You can also ask your favourite password manager to commission an audit checking for our attacks in their products.
- If you still feel unsure/unsafe, then adopt an offline password manager (I highly recommend keepassXC).
I too recommend KeepassXC, works even on android with KeepassDX. I use syncthing to sync between devices (work, personal and android)
I also use KeepassXC, and it’s great. I’m interested in setting up Syncthing between my Android, Linux desktop, and NAS. Do you have any tips or articles/resources that you used to set it up?
Hmm, I don’t think I’ve optimized it either to be fair. I wanted to use my phone as a ‘bridge in between’ but that means it uses battery since it ‘checks’ whats online.
In reality my phone is usually on demand and since I work from home, my work device is usually still turned on when I turn on my ‘good computer’ with fun projects.
One thing that I find useful is the backup / version control settings, I’ve set it up that there is a version control if it overwrites things so that when conflicts happen (eg a sync didn’t happen and I changed both keepass databases) I can quickly ‘merge’ them or sync them up manually.
I’ve also heard that syncthing isn’t available on android anymore but a fork (that is somewhat vetted, iirc) exist.
If you can run applications on your NAS & connect to it from anywhere, it could be used as a type of ‘master’ server that keeps everything in sync that is always online.
Although syncthing is awesome, i use rclone to fetch the latest version of the password database. With syncthing, i would worry about collisions. Maybe would be better to sync it between two devices, Android and Linux.
ÜbercomplicatedDoes anyone still talk about Keeper password manager? I feel like I used to hear about that one a lot, and now it has just disappeared off of the face of the earth.
KushanFrom the paper itself:
We had a video-conference and numerous email exchanges with Bitwarden. At the time of writing, they are well advanced in deploying mitigations for our attacks: BW01, BW03, BW11, BW12 were addressed, the minimum KDF iteration count for BW07 is now 5000, and their roadmap includes completely removing CBC-only encryption, enforcing per-item keys and changing the vault format for integrity. On 22.12.25 they shared with us a draft for a signed organisation membership scheme, which would resolve BW08 and BW09. At our request, to maintain anonymity, they have not yet credited us publicly for the disclosure, but plan to do so.
I didn’t look at the response to other Password managers, but the gist here is that the article is overblowing the paper by quite a bit and the majority of the “issues” discovered are either already fixed, or active design decisions.
1984I was also just looking for bitwarden information. Its just the best password manager and has never failed to do its job.
I dont know what they mean with less secure than promised. I didnt expect them to be perfect, and havent read that they promise no security flaws.
They advertise that passwords are only stored on the server in encrypted form, meaning they couldn’t read them even if they wanted to (or were forced to by a government agency) and you don’t have to trust them not to. This paper shows that several vulnerabilities exist in the protocol which could be exploited by malicious code running on the server (injected by hackers or a government agency), which would then allow an attacker to obtain cleartext-passwords. So you do, in fact, have to trust the servers integrity.
but the gist here is that the article is overblowing the paper by quite a bit and the majority of the “issues” discovered are either already fixed, or active design decisions.
“fixed”
You probably can't trust your password manager if it's compromised - Lemmy
cross-posted from: https://infosec.pub/post/42164102 [https://infosec.pub/post/42164102] > Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
The beauty of open source
tl;dr:
and an observation or two:
- Vaultwarden is free, self-hostable, and doesn’t rely on trust in a third party.
- Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.
Keepass (and its client variants, like KeepassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.
And simultaneously less secure because it’s up to you to handle keeping your vault synced between various devices and most people are significantly worse at keeping systems secure than the professionals at the password managers.
Self hosting a server of some kind or using something like Keepass on a single device (with offline backups) is the most secure option, but as usual with security doing so trades significant convenience for security. For most people who are uninterested in making sure their servers are kept up to date week to week letting professionals handle it is the better option.
Sure, but at the end of the day even if you don’t update your vaultwarden server or you rely on an insecure storage sync system like dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.
Contrast that with hosted services, who could very easily attach their own keys to your encryption key (whether now or in the future at the behest of the state) and you’d be none the wiser. E2EE doesn’t matter much when the other end is controlled by someone else.
I’m not disagreeing that most people just want something to work without thinking about, and for that reason I’m glad that services like bitwarden and lastpass and protonpass exist. My intent was not FUD, just shining a light on the fact that keeping your passwords secure does not require trusting a company.
Sure, but at the end of the day even if you don’t update your vaultwarden server or you rely on an insecure storage sync system like dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.
not really the case: lemmy.ml/comment/24008121
Contrast that with hosted services, who could very easily attach their own keys to your encryption key
how would official Bitwarden be able to accomplish that? apart from this vulnerability, they can’t use their servers to add their own keys.
You probably can't trust your password manager if it's compromised - Lemmy
cross-posted from: https://infosec.pub/post/42164102 [https://infosec.pub/post/42164102] > Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
And simultaneously less secure because it’s up to you to handle keeping your vault synced between various devices and most people are significantly worse at keeping systems secure than the professionals at the password managers.
It is not less secure.
If the Bitwarden servers are compromised (either by hacking or by being forced to by the government of the country where they are hosted) then code could be run which would allow the attacker to receive your plaintext password and that is used to decrypt your data.
If a user is so horrible at syncing that they accidentally synced their database file to a public Twitter post, it is still protected by AES-256 which can’t be broken by a simple subpoena.
In either case, syncthing is pretty simple to use and is the common recommendation for the kind of small personal file sync that you need here. It also adds an additional security layer, on top of the unbreakable AES-256 encryption, to the whole setup.
shortwavesurferI store my keypass database on several flash drives in different physical locations and update them several times per year to make sure that even if I do lose the copy I have, the versions on the flash drives, not at my physical location, are decently up to date, and so if I do lose any of the password data, it will be only for a couple of months worth if that.
If I add things that are extremely important, such as a new mortgage provider, or some sort of financial data into my keypass database, then I do an unscheduled immediate update to all of my flash drives in different physical locations to make sure that they all have that, but if it’s just a social media account, and I was to lose access to it, and not have the password for it, then… I wouldn’t be too upset about it.
In the absolute worst possible case, I stand to lose 3 months worth of data. It’s not often that I have to tweak stuff in my password manager, so that would be very few changes.
Great.
I am now your spouse and you want to give me access to the flash drive. What now?
New requirement: I have several passwords I want to give you access to as well. What now?
As with everything: Your solution may work for yourself and a few others. The majority don’t want to collect 5 flash drives in different locations every 3 months to update a file (and making sure it’s the correct vault they have copied)
PThe master copy stays on my device. If I need to give somebody access to a specific password, I just give them that password locally and they put it in their password manager for that account.
Same thing occurs if they need to give me a password. They give me the password. I put it in my password manager and then I’m the one who updates the flash drives on the rotating basis like I mentioned above.
Great.
Now your data is (potentially) exactly where you are trying to keep it out of.
So you made it more cumbersome to yourself by keeping your data as local as possible, yet still chosing to give up the tiny sliver of additional security for the comfort of others.
I don’t want to be annoying. But I hope you see what I am trying to convey.
I’m sorry, but I really don’t see what you’re trying to convey. The people I give my passwords to also don’t use cloud password managers.
𝙲𝚑𝚊𝚒𝚛𝚖𝚊𝚗 𝙼𝚎𝚘𝚠These attacks can happen through server impersonation as well. The actual cloud servers need not be compromised, just the user’s browser has to be. This attack can then leak passwords and allow malicious parties to even gain access on the actual cloud servers apparently.
patatahooliganIf the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
What do you mean “duh”? The password managers claim that the exact opposite is true.
Most service providers therefore promote their products with the promise of “zero-knowledge encryption”. This means they assure users that their stored passwords are encrypted and even the providers themselves have “zero knowledge” of them and no access to what has been stored. “The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable. We have now shown that this is not the case”, explains Matilda Backendal.
This would be true for a properly implemented end-to-end encryption scheme.
If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
No, not “duh”. The right way to do this is client-side encryption/decryption. The server then does not at any moment know anything about your passwords.
Assume the breach - that includes your password manager host. Especially your password manager host.
Bitwarden have published a blog on this audit:
Security through transparency: ETH Zurich audits Bitwarden cryptography against malicious server scenarios | Bitwarden
A new in-depth security report is available, continuing the Bitwarden commitment to transparency and trusted open source security. The audit, conducted by the prestigious Applied Cryptography Group at ETH Zurich, proactively tested Bitwarden core cryptography operations against the hypothetical event of a maliciously compromised server. All issues identified in the report have been addressed by the Bitwarden team and have been included in the attached cryptography report for full transparency.
I was always (and still am) under the assumption that you are fucked anyway, if either endpoint is compromised.
Sure, you can do a lot to make it less and less comfortable to read a password. But I’m not convinced that it is possible to. Fully prevent it from happening, no matter how hard you try.
OMFG can people please fucking go away with this stupid “password managers are worthless” bullshit today. They are exactly as secure as promised, unless you went to the obviously shady ones that use web interfaces. People have been saying this for years, if you want security, keep your password manager offline.
not all of them, and some changes only apply to new passwords saved: lemmy.ml/comment/24008121
You probably can't trust your password manager if it's compromised - Lemmy
cross-posted from: https://infosec.pub/post/42164102 [https://infosec.pub/post/42164102] > Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
Yes, if you arent self hosting the web interface or using the desktop client.
There is no way to patch the inherent flaw that comes with delivering client software through a web browser. If the entire client is delivered as a web page from a server you dont control, then that server can modify the software however it pleases. Same applies to e2ee encrypted chat clients that run as a web page like element-web (browser based matrix client).
This feels a bit extreme though. Can you even trust anything online at that point? Do you also never leave your home carrying your wallet in case someone might rob you?
Bro i have my bank details, all my private 2FA, work 2FA, health insurance access, my families master passwords, steam access, and more in there. Its literally the most important piece of software that can exist in this day and age. No im not taking chances with that. The only thing you can do with my physical wallet if you rob me is buy something up to 20€ beyond which you need the cards pin. Everything else i can just deactivate by calling the relevant parties.
But on another note, websites have never really been resistant to MITM attacks. So you dont just have to trust the hoster but also everything in between you and them.
I assume you follow proper backup protocol of you are using offline password management.
How do you sync though? You keep one copy on your phone or something, I imagine? What apps and managers are you using?
KeepassXC is the goat :)
The database file is encrypted so its fine to sync it however you like. I use syncthing for it which is p2p. Obviously set a very good password on it if you sync it through unsecure channels.
I had a look at this, and the only thing that intrigued be about KeePass was the ChaCha20 encryption which seems modern and nice.
I usually use rbw which doesn’t use a web page to interact with BitWarden. It stores a local copy of the database, so the only time it contacts the servers is when adding new info or syncing or otherwise changing stuff.
I’ll look more into KeePassXC and KeePassDX for mobile. Might be interesting, but the annoying part would be the syncing. You’d have to pay close attention to where you add new entries, and not add entries on separate devices if you want them synced to all devices. Or does that work somehow with KeePassXC?